Merge pull request #3 from mozilla/fake-auth

Sketching in fake auth with hardcoded email and password

README.md

@@ -26,4 +26,6 @@ And then start up browserid:
 
     SHIMMED_PRIMARIES="dev.fxaccounts.mozilla.org|http://127.0.0.1:3030|/tmp/fxwellknown"  npm start
 
-Now you can type foo@dev.fxaccounts.mozilla.org in the test dialog at http://127.0.0.1:10001/. No DNS or `/etc/hosts` hacks are needed.
+Now you can type foo@dev.fxaccounts.mozilla.org in the test dialog at http://127.0.0.1:10001/. No DNS or `/etc/hosts` hacks are needed.
+
+Password is 'asdf'.

server/bin/firefox_account_bridge.js

@@ -12,6 +12,7 @@ const clientSessions = require('client-sessions'),
       config = require('../lib/configuration'),
       express = require('express'),
       nunjucks = require('nunjucks'),
+      routes = require('../lib/routes'),
       urlparse = require('urlparse'),
       util = require('util');
 
@@ -52,24 +53,9 @@ app.use(function(req, resp, next) {
   next();
 });
 
-app.get('/.well-known/browserid', function(req, res) {
-  res.setHeader('Content-Type', 'application/json');
-  res.render('browserid.html');
-});
-
-app.get('/provision', function(req, res) {
-  res.render('provision.html', {
-    browserid_server: config.get('browserid_server'),
-    provisioned: false
-  });
-});
+routes(app);
 
-app.get('/authentication', function(req, res) {
-  res.render('authentication.html', {
-    browserid_server: config.get('browserid_server'),
-    currentEmail: 'null'
-  });
-});
+app.use(express.static(path.join(process.cwd(), '..', 'static')));
 
 if (config.get('use_https')) {
   // Development only... Ops runs this behind nginx
@@ -87,6 +73,7 @@ if (config.get('use_https')) {
 } else {
   port = config.get('port');
   app.listen(port, '0.0.0.0');
+  console.log('config.get("issuer")', config.get('issuer'));
   lstnUrl = util.format('http://%s:%s', config.get('issuer'), port);
 }
 console.log('Firefox Account Bridge listening at', lstnUrl);

server/lib/routes.js

@@ -0,0 +1,52 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const config = require('../lib/configuration');
+
+module.exports = function(app) {
+  app.get('/.well-known/browserid', function(req, res) {
+    res.setHeader('Content-Type', 'application/json');
+    res.render('browserid.html');
+  });
+
+  app.get('/provision', function(req, res) {
+    var provisioned = req.session.emails || [];
+    res.render('provision.html', {
+      browserid_server: config.get('browserid_server'),
+      provisioned: JSON.stringify(provisioned)
+    });
+  });
+
+  app.post('/provision', function(req, res) {
+    res.setHeader('Content-Type', 'application/json');
+    var email = req.body.email,
+        publicKey = req.body.publicKey,
+        duration = req.body.duration;
+    var certificate = 'TODO';
+    res.send(JSON.stringify({
+      certificate: certificate
+    }));
+  });
+
+  app.get('/authentication', function(req, res) {
+    res.render('authentication.html', {
+      browserid_server: config.get('browserid_server'),
+      currentEmail: 'null'
+    });
+  });
+
+  app.post('/authentication', function(req, res) {
+    res.setHeader('Content-Type', 'application/json');
+    if ('asdf' === req.body.password &&
+        'foo@dev.fxaccounts.mozilla.org' === req.body.email) {
+      if (! req.session.emails) {
+        req.session.emails = [];
+      }
+      req.session.emails.push(req.body.email);
+      res.send(JSON.stringify({status: "OK"}));
+    } else {
+      res.send(JSON.stringify({error: "Wrong username or password"}), 403);
+    }
+  });
+};

server/views/authentication.html

@@ -4,7 +4,7 @@
 <title>Sign in to Firefox Accounts</title>
 </head>
 <body>
-  <form>
+  <form action="/authentication" method="POST">
     <fieldset>
       <label for="email">Email</label>
       <input id="email" name="email" value="" />
@@ -16,13 +16,37 @@
     <button>Sign In</button>
   </form>
 <script src="{{browserid_server}}/authentication_api.js"></script>
+<script src="/js/vendor/jquery-1.7.1.min.js"></script>
 <script>
 navigator.id.beginAuthentication(function(email) {
-  console.log(email);
   if (email === {{ currentEmail }}) {
+
     navigator.id.completeAuthentication();
+  } else {
+    $('form').bind('submit', function(e) {
+      e.preventDefault();
+      if (validateForm(email)) {
+        checkAuth();
+      }
+    });
   }
 });
+
+function validateForm(browseridEmail) {
+  var email = $('#email').val().trim();
+  return email.toLowerCase() === browseridEmail.toLowerCase() &&
+         $('#password').val().trim() !== ''
+}
+
+function checkAuth() {
+  $.post($('form').attr('action'), {
+    email: $('#email').val(),
+    password: $('#password').val(),
+    _csrf: "{{ csrf_token }}"
+  }, function(data) {
+    navigator.id.completeAuthentication();
+  });
+};
 </script>
 </body>
-</html>
+</html>

server/views/provision.html

@@ -1,18 +1,24 @@
 <!DOCTYPE html>
 <script src="{{browserid_server}}/provisioning_api.js"></script>
+<script src="/js/vendor/jquery-1.7.1.min.js"></script>
 <script>
+var provisioned = {{ provisioned }};
+console.log(navigator.id.beginProvisioning);
 navigator.id.beginProvisioning(function(email, certDuration) {
-  {% if provisioned %}
+  if (provisioned.indexOf(email) !== -1) {
     navigator.id.genKeyPair(function(publicKey) {
-      generateServerSide(email, publicKey, certDuration, function (certificate) {
-        // generateServerSide something you would write.
-        // In this example, imagine it does an AJAX request to create a certificate,
-        // and then invokes a callback with that certificate.
+    $.post('/provision', {
+        email: email,
+        publicKey: publicKey,
+        duration: certDuration,
+        _csrf: "{{ csrf_token }}"        
+      }, function (data) {
+        var certificate = data.certificate;
         navigator.id.registerCertificate(certificate);
       });
     });
-  {% else %}
+  } else {
     navigator.id.raiseProvisioningFailure('user is not authenticated as target user');
-  {% endif %}
+  }
 });
-</script>
+</script>